[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Transparent hijacking of SMTP submission...

Subject: Transparent hijacking of SMTP submission...
From: owen at delong.com (Owen DeLong)
Date: Wed, 3 Dec 2014 13:00:15 -0800
In-reply-to: <D0A1D521.EC149%[email protected]>
References: <m2k32ehvaj.wl%[email protected]> <[email protected]> <D0A1D521.EC149%[email protected]>

> On Dec 1, 2014, at 5:25 AM, Livingood, Jason <Jason_Livingood at cable.comcast.com> wrote:
> 
> On 11/29/14, 3:17 PM, "John Levine" <johnl at iecc.com> wrote:
> 
>> PS: I know enough technical people at Comcast that I would be
>> extremely surprised if it were Comcast doing this.  There's plenty not to
>> like about the corporation, but the technical staff are quite competent.
> 
> Thanks, John! I can tell folks here unequivocally that (1) the recent
> press article on STARTTLS re-writing did *not* involve Comcast and (2)
> Comcast does not engage in the claimed practice. In fact, weÄ?re supporters
> and early deployers of STARTTLS on our own mail service.
> 
> I do not know how to explain the issue reported on this list. Absent a
> packet capture it is impossible for me to analyze this further. If
> anything, I could only imagine it was a misconfiguration someplace, but I
> have no idea where or in what network element thatÄ?d even be possible. IÄ?m
> happy to work with anyone that has more info to try to troubleshoot this.
> 
> - Jason Livingood
> Comcast

I have encountered similar issues on some hotel networks.

Usually, a well meaning, but severely misinformed hotel administrator decides that:

1.	People donâ??t know what theyâ??re doing and configure theyâ??re laptops to use their [corporate|home|usual]
	mailserver even when theyâ??re on the road, often without authentication.

2.	Debugging peopleâ??s laptops for them takes a lot of time and reduces customer satisfaction.

so

3.	Letâ??s just redirect all port 25/587 to our own local SMTP proxy which canâ??t possibly support TLS
	because we donâ??t have all the right certificates (nor should we), so it wonâ??t announce the STARTLES
	capability.

I donâ??t know if thatâ??s what happened in this case, because, as you say, without first-hand information and
packet-captures, itâ??s impossible to tell, but I will say that if you intend to use TLS, make sure your MUA
REQUIRES TLS, rather than preferring TLS when available (as is default on many MUAs, unfortunately).

Owen

References:
- Transparent hijacking of SMTP submission...
  - From: Jason_Livingood at cable.comcast.com (Livingood, Jason)

Prev by Date: Comcast IPv6 issues..?
Next by Date: Comcast IPv6 issues..?
Previous by thread: Transparent hijacking of SMTP submission...
Next by thread: Transparent hijacking of SMTP submission...
Index(es):
- Date
- Thread